General

  • Target

    1b0726100586701f9058e38a25a4e7ddd4058c3da82cfdaa11d4246c66fc15b6

  • Size

    29KB

  • Sample

    250529-lzrreabn4v

  • MD5

    f85dbce1d2e6abf206cf7c404f4eb1ef

  • SHA1

    c208b82a64dd81cffc6c1eea45b0614ce261c1d4

  • SHA256

    1b0726100586701f9058e38a25a4e7ddd4058c3da82cfdaa11d4246c66fc15b6

  • SHA512

    d3386a7a1929ddc7435f9dbaec0a297ac488fb805051e0c8aa416dc3dffdf1d25b011d2d072e760e2590230ad941621870bd146993361f8773539452afdbca73

  • SSDEEP

    768:uZ4FLz8ae+rOn8ae+rOoJhiJhuMy9rIMy9r6:uGIIoJhiJhuMyVIMyV6

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5283) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
